Cyber ‘superweapon’ virus uncovered: Russian firm

A Russian computer firm has discovered a new computer virus with unprecedented destructive potential which could be used as a “cyberweapon” by the West and Israel against foes such as Iran.

Kaspersky Lab, one of the world’s biggest producers of anti-virus software, said its experts discovered the virus — known as Flame — during an investigation prompted by the International Telecommunication Union (ITU).

The firm did not say who the virus was aimed against but the announcement comes just a month after Iran said it had halted the spread of a data-deleting virus targeting computer servers in its oil sector.

Kaspersky said the virus was several times larger than the Stuxnet worm that was discovered in 2010 and targeted the Iranian nuclear programme, reportedly at the behest of Western or Israeli security agencies.

It said the main task of Flame is cyber espionage, meaning it steals information from infected machines including documents, screenshots and even audio recordings. It then sends the data to servers all over the world.

Flame is “actively being used as a cyberweapon attacking entities in several countries,” Kaspersky said in a statement late on Monday.

“The complexity and functionality of the newly discovered malicious programme exceed those of all other cyber menaces known to date,” it added.

The origin of the Stuxnet worm has never been made clear but suspicion has fallen on the United States and Israel which both accuse Iran of seeking to build an atomic weapon.

Without giving any indication that Israeli spy agency Mossad could be involved in Flame, Israel’s Strategic Affairs Minister Moshe Yaalon said such cyberweapons were an important part of the arsenal of Iran’s enemies.

“For anyone who sees the Iranian threat as significant, it is reasonable that he would take different steps, including these, in order to hobble it,” he told army radio.

“Israel is blessed with being a country which is technologically rich, and these tools open up all sorts of possibilities for us.”

Kaspersky said the investigation was initiated after a series of incidents with a still unknown virus which deleted data on computers in the “Western Asia” region.

Flame had been “in the wild” for more than two years, since March 2010, Kaspersky said. It gave no clues over which party could have been behind the attack.

“Due to its extreme complexity, plus the targeted nature of the attacks, no security software detected it,” it said. Flame is “one of the most advanced and complete attack-toolkits ever discovered.”

It said that Flame belongs to the same category as previous superworms like Duqu or Stuxnet.

“The Flame malware looks to be another phase in this war and it’s important to understand that such cyber weapons can easily be used against any country,” said Kaspersky Lab CEO and founder Eugene Kaspersky.

Alexander Gostev, chief security expert at Kaspersky Lab said it was alarming that the cyber attack was now in its active phase.

Iran in April said it had set up a crisis committee to combat a mystery cyber attack which hit computers including ones running its main oil export terminal on Kharg Island in the Gulf.

“We shut computers connected to these servers temporarily and fortunately we were able to stop its spread. Thus no information or data were harmed,” deputy oil minister Hamdolah Mohammadnejad said at the time.

DefenceTalk.com, founded in 2003, is a resource for global defence, military, aerospace news and reports. DefenceTalk features professional defence forum for discussions on world armed forces, weapons, military technology and military pictures gallery.